conn=$dbf->conn; $this->lang=$language; $this->tblprefix=$dbf->tblprefix; if(isset($_SESSION['session_user_id'])) { $user_id=$_SESSION['session_user_id']; $tablename="$this->tblprefix".'users'; $result = mysql_query("SELECT * FROM $tablename WHERE id=\"$user_id\"",$this->conn); //echo "$result"; $row = mysql_fetch_assoc($result); $usertype= $row['type']; //echo "stupid"; //If the page is not public or the user is not an Admin, investigation must continue. if($page_type!='Public' or $usertype!='Admin') { if($usertype!='Admin' and $usertype!='Sales Clerk' and $usertype!='Report Viewer') { //makes sure $usertype is not anything but Admin, Sales Clerk, Report Viewer echo "{$this->lang->attemptedSecurityBreech}"; exit(); } elseif($page_type!='Public' and $page_type!='Admin' and $page_type!='Sales Clerk' and $page_type!='Report Viewer') { //makes sure $page_type is not anything but Public, Admin, Sales Clerk or Report Viewer. echo "{$this->lang->attemptedSecurityBreech}"; exit(); } elseif($usertype!='Admin' and $page_type=='Admin') { //if page is only intented for Admins but the user is not an admin, access is denied. echo "{$this->lang->mustBeAdmin}"; exit(); } elseif(($usertype=='Sales Clerk') and $page_type =='Report Viewer') { //Page is only intented for Report Viewers and Admins. echo "{$this->lang->mustBeReportOrAdmin}"; exit(); } elseif(($usertype=='Report Viewer') and $page_type =='Sales Clerk') { //Page is only intented for Sales Clerks and Admins. echo "{$this->lang->mustBeSalesClerkOrAdmin}"; exit(); } } } /*if(!$this->isLoggedIn()){ header("location: ../login.php"); exit(); } if(!$this->isOpen()){ header("location: ../books/openshop.php"); exit(); }*/ } function isLoggedIn() { //returns boolean based on if user is logged in. if(isset($_SESSION['session_user_id'])) { $user_id=$_SESSION['session_user_id']; $tablename="$this->tblprefix".'users'; $result = mysql_query ("SELECT * FROM $tablename WHERE id=\"$user_id\"",$this->conn); $num = @mysql_num_rows($result); if($num> 0) { return true; } else { return false; } } return false; } function checkLogin($username,$password) { //pre: $username and $password must be strings. ($password is encrypted) //post: returns boolean based on if their login was succesfull. $tablename="$this->tblprefix".'users'; $result = mysql_query ("SELECT * FROM $tablename WHERE username=\"$username\" and password=\"$password\"",$this->conn); $num = @mysql_num_rows($result); if($num > 0) { return true; } return false; } function closeSale() { //deletes sessions vars session_unregister('items_in_sale'); session_unregister('current_sale_customer_id'); session_unregister('current_item_search'); session_unregister('current_customer_search'); } function checkMembership($userID) { global $cfg_membershipID; // Construct the join query $memquery = "SELECT sales.id, sales_items.sale_id, sales_items.item_id, DATE_ADD( sales.date, INTERVAL 1 YEAR ) AS expires FROM sales, sales_items WHERE sales.id = sales_items.sale_id AND sales_items.item_id=$cfg_membershipID AND sales.customer_id=$userID ORDER BY sales.date DESC LIMIT 1;"; //"SELECT sales.id, sales_items.sale_id, sales_items.item_id, DATE_ADD(sales.date, INTERVAL 1 YEAR) as expires ". //"FROM sales, sales_items "."WHERE sales.id = sales_items.sale_id AND sales_items.item_id = '$cfg_membershipID' AND sales.customer_id = '$userID'"; $memresult = mysql_query($memquery) or die(mysql_error()); if(mysql_num_rows($memresult) < 1){ return false; } // Get expiry date $today = date('Y-m-d'); $row = mysql_fetch_array($memresult); $expires = $row['expires']; if($row[item_id] == "1" && $expires >= $today){ return true; }else{ return false; } } function checkWaiver($userID) { // If Membership is ok, check waiver $waiverresult = mysql_query("SELECT waiver FROM customers WHERE id='$userID'"); if (!$waiverresult) { die("Query to check on status of liability waiver failed"); } while ($waiverrow = mysql_fetch_array($waiverresult)) { if ($waiverrow[waiver] == 0 || $waiverrow[waiver] == ""){ return false; } else { return true; } } } function signinMember($userID, $intime, $activity) { global $cfg_reqmembership; $isinresult = mysql_query("SELECT userID FROM visits WHERE endout IS NULL"); if (!$isinresult) { die("Query to show fields from table failed"); } while($isinrow = mysql_fetch_array($isinresult)){ if($userID == "$isinrow[userID]"){ die("Bike Error!! User is already signed in..."); } } // MAKE SURE THEY'VE PAID THEIR MEMBERSHIP (IF REQUIRED BY CONFIG FILE) if($cfg_reqmembership == "1" && !$this->checkMembership($userID)){ echo "Membership not paid or expired!
Go Home -->"; die(''); } // Have you been a naughty schoolchild and not signed your waiver? PUNISH! if(!$this->checkWaiver($userID)){ echo "Waiver not signed. Sign waiver, or no shop access you naughty boy!
Go Home -->"; die(''); } // ADD IT TO THE VISITS DATABASE $in = mktime($_POST[hour], $_POST[minute], 0, $_POST[month], $_POST[day], $_POST[year]); $tdin = date('Y-m-d H:i:s'); //$activity = $_POST[activity]; if($userID){ $query = "INSERT INTO `visits` (`userID` ,`intime` ,`activity`) VALUES ('$userID', '$tdin', '$activity')"; // echo "IT FJDSFDSA $query"; mysql_query($query); } } function isOpen() { //include("settings.php"); //echo "must open = $cfg_company"; //if($cfg_mustOpen == "yes"){ //echo "$this->conn"; //return false; //} //return false; //$tablename="$this->tblprefix".'users'; //$result = mysql_query("SELECT * FROM $tablename WHERE id=\"$user_id\"",$this->conn); /*$today = date("Y-m-d"); $le = mysql_query("SELECT event, date FROM books WHERE event='1' OR event='2' ORDER BY listID DESC LIMIT 1", $this->conn); //$le = mysql_query("SELECT * FROM books");//, $this->conn) or die(mysql_error());// WHERE event='1' OR event='2' ORDER BY listID DESC LIMIT 1", $this->conn); $lastevent = mysql_fetch_assoc($le); if(!$lastevent || $lastevent['event'] == 2 || $lastevent[date] != $today){// || !mysql_num_rows(mysql_query("SELECT * FROM books WHERE date='$today' AND event='1'"))){ return false; }*/return true; //} return true; } function isMechanicHere() { return mysql_fetch_array(mysql_query("SELECT userID FROM visits WHERE endout IS NULL AND activity='Mechanic'")); } function vaildMailman ($host) { $valid = @fsockopen("$host", 80, $errno, $errstr, 30); if ($valid) return TRUE; } } ?>